Software Integrity Blog

Hacktivism: The less I know the better?

There’s been yet another hack! This time, the band Tame Impala fell victim to to a Twitter hijacking with supposedly altruistic motives.

On June 6th, Tame Impala’s Twitter account was compromised and used to sent tweets about potential bomb threats to JetBlue and Twitter’s CEO, Jack Dorsey. The hacker responsible for the takeover was nice enough to identify themselves as J5Z and divulged to The Daily Beast detailed information behind the latest attack.

J5Z operates under the Twitter handle, j5zlol, and hacks people in order to teach them lessons about security. J5Z thinks of him/herself as a “hacktivist,” writing: “At first I did this for fun, but I never wanted to do this to ruin people’s careers. I’m just doing it to prevent it from ever happening in case someone who knows how to do it comes along and possibly does some damage. I don’t want to be seen as a bad person, even though I’m most likely being seen like that already.” J5Z also mentions that there are many hackers who maliciously compromise online accounts every day but didn’t call them out explicitly, saying it’s up to those hackers to come forward themselves.

As a “hacktivist” J5Z promotes good password security practices: “Use multiple emails, passwords, etc. Don’t use the obvious stuff like your (date of birth) or name in your password or email.” While the lesson is a valid one, J5Z’s approach is backward.

Hacktivism: The less I know the better?

Illegally hacking into an account is not the most appropriate way to educate people on security or password management. While he sympathizes with the overall message and the urgent need to make a change, there are other forums and tactics to go about alerting someone that their account may be susceptible to an attack. We need to be smarter about how we protect ourselves and our sensitive information from the malicious attackers that are out there, whether they want to educate us or not.